Ticket #3454 (closed defect: fixed)

Opened 16 months ago

Last modified 6 months ago

Using real JID in MUC for getting info

Reported by: shir Owned by: asterix
Priority: normal Milestone: 0.12
Component: None Version: svn
Severity: critical Keywords:
Cc: OS: All

Description

If in a MUC I know the real JID of a user, then for getting info Gajim uses my real JID for getting the vCard and status info. So a user in the MUC can know my real JID.

Attachments

Change History

Changed 16 months ago by asterix

vCards are requested from the user's server, not from the user directly. So he can't know your real JID with the vCard. But he can, because we also request OS information and client information.

We did that because some MUC components don't forward vCard requests, so we can't see avatars, even in non-anonymous rooms. See [3054]

(in reply to comment 1) Changed 16 months ago by anonymous

In one MUC where I am a moderator, a user knows my real JID. He said that he had requests about his status from my real JID, but I don't have this user in my roster, only in this MUC.

  Changed 13 months ago by asterix

You're right, it's what is explained in XEP-0045.

  Changed 13 months ago by shir

There it says that the user must send his JID to the moderator? But the moderator mustn't send his JID to the user.

(in reply to comment 1) Changed 8 months ago by Jim++

Replying to asterix:

see [3054]

He meant see #3054

  Changed 8 months ago by Jim++

  • version set to svn
  • severity changed from normal to critical
  • milestone set to 0.12

  Changed 8 months ago by anonymous

This is a serious security flaw. I am admin of a semi-anonymous room, in which I banned one participant for causing trouble.

This person sought revenge by flooding me with thousands of messages *direct to my JID*, which he easily discovered because of this bug.

In an anonymous room this does not matter, but the XEP says for a semi-anonymous room (where only admins and moderators can see JIDs) that:

"If an occupant wants to send an IQ stanza to another user in a semi-anonymous room, the sender can direct the stanza to the recipient's room JID and the service MAY forward the stanza to the recipient's real JID. However, a MUC service MUST NOT reveal the sender's real JID to the recipient at any time, nor reveal the recipient's real JID to the sender."

This may/may not apply to vCards, where you actually send an IQ to the user's server. Only if the user has access to the server can they find your JID then. This is a trade-off between being able to see some people's avatars, or preserving your anonymity.

I hope there are now no doubts that this should be fixed immediately.

  Changed 6 months ago by asterix

  • status changed from new to closed
  • resolution set to fixed

(In [9905]) don't request jabber:iq:last and jabber:iq:version to real jid in a (semi) anonymous room, even if we're moderator and we know the real JID. Fixes #3454
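The following is an added illustration, not Gajim's code and not the change in [9905]: it shows the addressing decision the fix describes. Before the fix the client prefers the real JID whenever it knows one, so the jabber:iq:version / jabber:iq:last request leaves our own account and the recipient sees our real JID. After the fix the real JID is used only in a non-anonymous room; in a (semi-)anonymous room the request goes to the occupant's room JID, which the MUC service forwards without revealing the sender. The Occupant class, the room feature labels, and the sample JIDs are this example's own constructions.

```python
"""Added example (not Gajim's code): choose the address for occupant info
requests so that a (semi-)anonymous MUC never exposes our real JID."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Room anonymity as advertised by the MUC service in XEP-0045 disco#info.
# Used here as plain labels; this example does not query disco#info.
NON_ANONYMOUS = "muc_nonanonymous"
SEMI_ANONYMOUS = "muc_semianonymous"

# The two namespaces the ticket is about (client/OS version and last activity).
INFO_NAMESPACES = ("jabber:iq:version", "jabber:iq:last")


@dataclass
class Occupant:
    room_jid: str              # occupant JID: room@conference.example.org/nick
    real_jid: Optional[str]    # known to moderators even in a semi-anonymous room


def target_before_fix(occ: Occupant) -> str:
    """Behaviour the ticket reports: prefer the real JID whenever we know it.
    The IQ is then sent from our own account, so the recipient sees our JID."""
    return occ.real_jid or occ.room_jid


def target_after_fix(occ: Occupant, room_feature: str) -> str:
    """Use the real JID only in a non-anonymous room, where every occupant can
    see every real JID anyway. Otherwise address the room JID: the MUC service
    forwards the IQ and must not reveal our real JID (XEP-0045)."""
    if room_feature == NON_ANONYMOUS and occ.real_jid:
        return occ.real_jid
    return occ.room_jid


def build_info_iq(to: str, namespace: str, iq_id: str) -> str:
    """Serialize a minimal <iq type='get'> carrying one of the info queries."""
    if namespace not in INFO_NAMESPACES:
        raise ValueError(f"not an info namespace: {namespace}")
    iq = ET.Element("iq", {"type": "get", "to": to, "id": iq_id})
    ET.SubElement(iq, "query", {"xmlns": namespace})
    return ET.tostring(iq, encoding="unicode")


def leaks_real_jid(to: str, occ: Occupant, room_feature: str) -> bool:
    """Regression check: addressing the real JID anywhere but a non-anonymous
    room lets the recipient learn who asked."""
    return room_feature != NON_ANONYMOUS and to == (occ.real_jid or "")


if __name__ == "__main__":
    # Constructed scenario: we moderate a semi-anonymous room and therefore
    # know the real JID of the occupant "mallory".
    occ = Occupant("room@conference.example.org/mallory", "mallory@example.net")
    for label, to in (("before", target_before_fix(occ)),
                      ("after", target_after_fix(occ, SEMI_ANONYMOUS))):
        print(label, to, "leaks" if leaks_real_jid(to, occ, SEMI_ANONYMOUS) else "safe")
        print("  ", build_info_iq(to, "jabber:iq:version", "v1"))
```

The same rule applies to both namespaces named in the commit message; the vCard request is left out because, as discussed above, it goes to the user's server rather than to the user and is a separate trade-off.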
